REMARKS

Claims 1-5, 7-12, 14-15, 22-27, and 29 have been amended. No new matter has been 
added. Claims 1-15 and 22 - 29 are under examination. 

REJECTIONS BASED ON 35 U.S.C. 112 
Claim 1 is rejected under 35 U.S.C. 112, second paragraph, as being indefinite for
failing to particularly point out and distinctly claim the subject matter which applicant 
regards as the invention. Claim 1 has been amended to recite "wherein the secure IPSEC 
cache comprises a plurality of cache entries." Therefore, the rejection has been overcome. 

REJECTIONS BASED ON THE PRIOR ART 
35 U.S.C 103(a) 

Claims 1 - 15 and 22 - 29 are rejected under 35 U.S.C 103(a) as being unpatentable 
over Skene et al., hereinafter "Skene" (U.S. Patent Application Publication 2001/0052016) in
view of Ye, (U.S. Patent No. 6,772,348), in further view of Coss et al., hereinafter "Coss", 
(U.S. Patent Number 6,170,012). The rejection is respectfully traversed for the following 
reasons. 

Currently Amended Claim 1 recites: 

A computer system providing Internet protocol security without secure domain name
resolution, the system comprising:

a local domain name service (DNS) server that is communicatively coupled to a
processor and that includes a secure Internet security protocol (IPSEC) cache,
wherein the secure IPSEC cache comprises a plurality of cache entries,
wherein each cache entry comprises a domain name and information that
uniquely associates the cache entry with a particular application process or
execution time, wherein the secure IPSEC cache is readable only by an
Internet protocol (IP) processing layer of an operating system that controls
execution of an application program by the processor;

a security policy data store that is communicatively coupled to the IP processing
layer;

a computer-readable medium accessible to the processor and comprising one or more
sequences of instructions which, when executed by the processor, cause the
processor to carry out the steps of:

receiving a message generated as a result of execution of the application
program and that contains a domain name to be resolved by the local
DNS server;

storing, in a first of the cache entries, the domain name contained in the
message and identifying information that uniquely associates the first
cache entry with a particular application process or execution time;

receiving a data packet from the application;

in response to receiving the data packet from the application, locating an entry
in the secure IPSEC cache,

based on the identifying information in the located cache entry, verifying that
the domain name in the located entry matches the domain name
contained in the message;

querying the security policy data store for an IPSEC policy matching the
domain name in the located entry, wherein the IP processing layer
verifies that the policy matches the domain name contained in the
message;

in response to obtaining an IPSEC policy, applying the IPSEC policy to the
data packet; and

purging the matching entry from the cache (emphasis added).

The prior art fails to teach or suggest the above underscored limitations. The 
references individually, or combined, fail to teach or suggest, "storing, in a first of the cache 
entries, the domain name contained in the message and identifying information that uniquely 
associates the first cache entry with a particular application process or execution time," as
claimed. 

Skene does not teach an IPSEC cache and therefore cannot teach these limitations. 
Moreover, Applicants respectfully assert that Skene does not teach or suggest storing the 
claimed identifying information in each cache entry. In the rejection of Claim 7, the Office 
Action asserts that Skene at col. 7, lines 9-36 teaches certain limitations of Claim 7 
pertaining to storing identifying information. Since Skene is a Published U.S. Patent 
Application, referring to Skene by column and line number creates uncertainty as to which 
passage, and to which reference, the Office Action is referring. Applicants respectfully 
request a clarification as to exactly which passage of which reference the Office Action is 
relying on to reject Claim 7. 

Ye's cache is used to cache security data and does not store a domain name, as 
claimed. Ye lists information stored in a cache table entry at col. 6, lines 23 - 46, and none of 
the listed information is a domain name. Applicants note that the Office Action concedes that 
Ye does not teach identifying information that uniquely associates a cache entry with a 
particular application process or execution time. 

Coss teaches a cache that is used to store the results of applying a rule set to a packet 
of a given network session (col. 5, lines 43 - 45). However, Coss does not teach or suggest 
storing, in a cache, a domain name (to be resolved) that is contained in a message from an 
application. Referring to FIG. 4, the table contains an interface and a session key, which may 
contain an IP address. Further, Coss does reveal that a domain can be determined based on an 
interface and IP range (FIG. 6 and col. 6, lines 31-33). However, the IP address and interface
in Coss are not the claimed domain name at least because the combination of the IP address
and interface are not "contained in a message from an application" and are not "to be resolved
by a local DNS server", as claimed.

Furthermore, there is no teaching, suggestion, or motivation to modify any of the 
references to have the combination of limitations presently discussed. 

The references individually, or combined, fail to teach or suggest, "based on the 
identifying information in the located cache entry, verifying that the domain name in the 
located entry matches the domain name contained in the message," as claimed. The domain 
name in the message is recited in Claim 1 as "to be resolved by the local DNS server". Thus, 
this limitation pertains to verifying that the domain name in the located cache entry matches 
the domain name that was to be resolved by the local DNS server. 

Coss fails to teach or suggest these limitations (noting that the limitations must be 
read in the context of the entire claim). The Office Action interprets the session key as the 
claimed identifying information. Applicants respectfully assert that Coss does not teach that 
the session key is used to verify that a domain name in the cache matches a domain name (to 
be resolved by the local DNS server) contained in a message. 

Coss teaches that, prior to accessing the cache, first a domain is determined (step 
503). Coss teaches that the domain is determined based on the interface on which the packet 
is received and an IP address in the packet. Applicants note that up to this point Coss has not 
accessed the cache. 

Coss teaches that once the domain is determined, the cache for that domain is 
searched for a match for the session key (col. 6, lines 36-37). If a match for the session key is 
found in the cache for the domain, then Coss looks at the "action" field of the cache entry for 
that session to determine how to process the packet. The fact that a match for the session key 
is found in the domain cache may indicate that a packet associated with that session was
previously processed for the domain. However, the fact that a packet associated with a 
domain was previously processed in no way means that the previously processed packet had 
a domain name in it to be resolved by a local DNS server. 

Thus, Coss does not teach that the session key is used to perform any verification 
with respect to a domain name. In particular, Coss does not teach that the session key is used 
to verify that a domain name in the cache entry matches a domain name (that was to be 
resolved by a local DNS server) contained in a message, as claimed. 

Applicants note that the Office Action concedes that Ye does not teach limitations 
similar to those presently discussed. Applicants agree with this assessment of Ye. 

Furthermore, as Applicants have previously argued that Skene does not teach or 
suggest storing the claimed identifying information in each cache entry, then Skene cannot 
meet the presently discussed claim limitations. 

Furthermore, there is no teaching, suggestion, or motivation to modify any of the 
references to have the combination of limitations presently discussed. 

For the foregoing reasons, Claim 1 is allowable. Independent Claims 8, 15 and 22-23 
recite similar limitations to those in Claim 1. For at least the reasons discussed in the
response to Claim 1, Claims 8, 15, and 22-23 are believed to be allowable. 

The dependent claims not so far discussed recite patentable subject matter for at least 
the same reasons their respective independent claims recite patentable subject matter. 

CONCLUSION

The Applicant believes that all issues raised in the Final Office Action have been 
addressed and that allowance of the pending claims is appropriate. 

The Examiner is respectfully requested to contact the undersigned by telephone if it is 
believed that such contact would further the examination of the present application. 

For the reasons set forth above, it is respectfully submitted that all of the pending 
claims are now in condition for allowance. Therefore, the issuance of a formal Notice of 
Allowance is believed next in order, and that action is most earnestly solicited. 

To the extent necessary to make this reply timely filed, the Applicant petitions for an 
extension of time under 37 C.F.R. § 1.136. 

If any applicable fee is missing or insufficient, throughout the pendency of this
application, the Commissioner is hereby authorized to charge any applicable fees and to credit any
overpayments to our Deposit Account No. 50-1302.

Respectfully submitted, 

HICKMAN PALERMO TRUONG & BECKER LLP 



Date: March , 2007




Ronald M. Pomerenke 
Reg. No. 43,009 



2055 Gateway Place, #550 

San Jose, CA 95110

Telephone: (408) 414-1080, ext. 210 

Facsimile: (408) 414-1076



CERTIFICATE OF MAILING 

I hereby certify that this correspondence is being deposited with the United States Postal 
Service as first class mail in an envelope addressed to: Mail Stop Amendment, 
Commissioner for Patents, P.O. Box 1450, Alexandria, VA 22313-1450. 